Amendments to the Claims:
This listing of claims replaces all prior versions and listings of claims in the application: 

Listing of Claims:

1. (Currently Amended) A method for processing data packets in a computer network,
comprising:

configuring a multilayer switch to process data packets at wire-speed based on one or 
more user defined packet policies, each user defined packet policy specifying information for 
one or more of Layers 4 through 7 and being active during one or more specified date or time 
intervals;

receiving a data packet at the multilayer switch, the data packet including information 
from one or more of Layers 2 through 7 of the OSI model; 

determining if there is a match between the data packet and one or more of the packet 
policies, each packet policy authorizing matching data packets to use the computer network; 

if there is a matching packet policy authorizing the data packet, routing the data packet 
using a Layer 2-3 switch; and 

if there is no matching packet policy authorizing the data packet, blocking the data
packet.

2. (Currently Amended) The method of claim 1, wherein the user defined packet policies
include timed packet policies, the timed packet policies being active during specified date or
time intervals, and determining if there is at least one matching packet policy further comprises:

determining if there is a currently active timed matching policy. 

3. (Original) The method of claim 1, wherein the user defined packet policies authorize data
packets being transmitted or received by authorized users, applications, physical ports, 
application ports, IP addresses, or MAC addresses. 

4. (Original) The method of claim 1, wherein blocking the data packet comprises:

discarding the data packet, logging the data packet, or forwarding the data packet to a
multilayer switch application for processing.

5. (Original) A method for processing data packets in a computer network, comprising: 
configuring a multilayer switch to process data packets at wire-speed based on one or
more user defined packet policies, each user defined packet policy specifying information for
one or more of Layers 4 through 7; 

receiving a data packet at the multilayer switch, the data packet including information 
from one or more of Layers 2 through 7 of the OSI model; 

determining if there is a match between the data packet and one or more packet policies 
that specify a second packet policy to be applied to the matching data packets, the second packet 
policy having one or more policy action fields; and 

if there is a matching packet policy specifying a second packet policy, processing the data 
packet based on the policy action fields of the second packet policy. 

6. (Original) The method of claim 5, wherein the matching packet policy specifies the 
application of a preexisting second packet policy, and processing the data packet comprises: 

identifying the preexisting second packet policy specified by the matching packet policy;
and

processing the data packet based on the policy action fields of the preexisting second
packet policy.

7. (Original) The method of claim 5, wherein the matching packet policy specifies the
application of a dynamically created second packet policy, and processing the data packet 
comprises: 

creating the second packet policy specified by the matching packet policy; and 
processing the data packet based on the policy action fields of the created second packet
policy.

8. (Original) The method of claim 5, wherein processing the data packet comprises: 
routing the data packet using a Layer 2-3 switch. 

9. (Withdrawn) A method for processing data packets in a computer network, comprising: 
configuring a multilayer switch to process data packets at wire-speed based on one or
more user defined packet policies, each user defined packet policy specifying information for
one or more of Layers 4 through 7; 

receiving a data packet at the multilayer switch, the data packet including information 
from one or more of Layers 2 through 7 of the OSI model;

determining if there is a match between the data packet and one or more packet policies, 
that assign a quality of service (QoS) metric to matching data packets; 

if there is a matching packet policy assigning a QoS metric to the data packet, 
determining a priority for the data packet based on the assigned QoS metric; and 

routing the data packet using a Layer 2-3 switch based on the priority. 

10. (Withdrawn) The method of claim 9, wherein the QoS metric specifies prioritization, 
bandwidth allocation, minimum bandwidth allocation, maximum bandwidth allocation, or 
network access permission for the data packet. 

11. (Withdrawn) The method of claim 9, wherein assigning a QoS metric includes assigning
a QoS metric based on application, application type, application port, physical port, elapsed time, 
time of day, day of week, date or time interval. 

12. (Withdrawn) The method of claim 9, wherein assigning a QoS metric includes assigning
a QoS metric for individual users, workgroups, VLAN, subnets, networks, IP addresses, IP 
address range, MAC addresses, and MAC address range. 

13. (Canceled) 

14. (Canceled) 

15. (Canceled) 

16. (Canceled) 

17. (Canceled) 

18. (Canceled) 

19. (Withdrawn) A method for processing data packets in a computer network, comprising: 
configuring a multilayer switch to process data packets at wire-speed based on one or
more user defined packet policies, each user defined packet policy specifying information for
one or more of Layers 4 through 7; 

receiving a data packet at the multilayer switch, the data packet including information 
from one or more of Layers 2 through 7 of the OSI model; 

determining if there is a match between the data packet and one or more of the packet 
policies, each packet policy specifying that surveillance is to performed on the data packet; 

if there is a matching packet policy specifying surveillance, mirroring the data packet to a 
specified location; and 

processing the data packet using the multilayer switch. 

20. (Withdrawn) The method of claim 19, wherein processing the data packet comprises: 
routing the data packet using a Layer 2-3 switch. 

21. (Currently Amended) A computer program product tangibly embodied in a computer
readable medium storage device, the computer program product comprising instructions operable
to cause data processing equipment to: 

configure a multilayer switch to process data packets at wire-speed based on one or more 
user defined packet policies, each user defined packet policy specifying information for one or 
more of Layers 4 through 7 and being active during one or more specified date or time intervals;

receive a data packet at the multilayer switch, the data packet including information from 
one or more of Layers 2 through 7 of the OSI model; 

determine if there is a match between the data packet and one or more of the packet 
policies, each packet policy authorizing matching data packets to use the computer network; 

if there is a matching packet policy authorizing the data packet, route the data packet 
using a Layer 2-3 switch; and 

if there is no matching packet policy authorizing the data packet, block the data packet. 

22. (Currently Amended) The computer program product of claim 21, wherein the user
defined packet policies include timed packet policies, the timed packet policies being active
during specified date or time intervals, and the instructions for determining if there is at least one
matching packet policy causes the data processing equipment to: 

determine if there is a currently active timed matching policy. 

23. (Original) The computer program product of claim 21, wherein the user defined packet
policies authorize data packets being transmitted or received by authorized users, applications, 
physical ports, application ports, IP addresses, or MAC addresses. 

24. (Original) The computer program product of claim 21, wherein the instructions for 
blocking the data packet cause the data processing equipment to: 

discard the data packet, log the data packet, or forward the data packet to a multilayer 
switch application for processing. 

25. (Currently Amended) A computer program product tangibly embodied in a computer
readable medium storage device, the computer program product comprising instructions operable
to cause data processing equipment to: 

configure a multilayer switch to process data packets at wire-speed based on one or more 
user defined packet policies, each user defined packet policy specifying information for one or 
more of Layers 4 through 7; 

receive a data packet at the multilayer switch, the data packet including information from 
one or more of Layers 2 through 7 of the OSI model; 

determine if there is a match between the data packet and one or more packet policies that 
specify a second packet policy to be applied to the matching data packets, the second packet 
policy having one or more policy action fields; and 

if there is a matching packet policy specifying a second packet policy, process the data 
packet based on the policy action fields of the second packet policy. 

26. (Original) The computer program product of claim 25, wherein the matching packet 
policy specifies the application of a preexisting second packet policy, and the instructions for 
processing the data packet cause the data processing equipment to: 

identify the preexisting second packet policy specified by the matching packet policy;
and

process the data packet based on the policy action fields of the preexisting second packet
policy.

27. (Original) The computer program product of claim 25, wherein the matching packet 
policy specifies the application of a dynamically created second packet policy, and the 
instructions for processing the data packet cause the data processing equipment to: 

create the second packet policy specified by the matching packet policy; and 
process the data packet based on the policy action fields of the created second packet
policy.

28. (Original) The computer program product of claim 25, wherein the instructions for
processing the data packet cause the data processing equipment to: 

routing the data packet using a Layer 2-3 switch. 

29. (Withdrawn) A computer program product tangibly embodied in a computer readable 
medium, the computer program product comprising instructions operable to cause data 
processing equipment to: 

configure a multilayer switch to process data packets at wire-speed based on one or more 
user defined packet policies, each user defined packet policy specifying information for one or 
more of Layers 4 through 7; 

receive a data packet at the multilayer switch, the data packet including information from 
one or more of Layers 2 through 7 of the OSI model; 

determine if there is a match between the data packet and one or more packet policies, 
that assign a quality of service (QoS) metric to matching data packets; 

if there is a matching packet policy assigning a QoS metric to the data packet, determine 
a priority for the data packet based on the assigned QoS metric; and 

route the data packet using a Layer 2-3 switch based on the priority. 

30. (Withdrawn) The computer program product of claim 29, wherein the QoS metric 
specifies prioritization, bandwidth allocation, minimum bandwidth allocation, maximum 
bandwidth allocation, or network access permission for the data packet. 

31. (Withdrawn) The computer program product of claim 29, wherein assigning a QoS
metric includes assigning a QoS metric based on application, application type, application port, 
physical port, elapsed time, time of day, day of week, date or time interval. 

32. (Withdrawn) The method of claim 9, wherein assigning a QoS metric includes assigning 
a QoS metric for individual users, workgroups, VLAN, subnets, networks, IP addresses, IP
address range, MAC addresses, and MAC address range. 



33. (Canceled) 

34. (Canceled)

35. (Canceled) 

36. (Canceled) 

37. (Canceled) 

38. (Canceled) 

39. (Withdrawn) A computer program product tangibly embodied in a computer readable 
medium, the computer program product comprising instructions operable to cause data 
processing equipment to: 

configure a multilayer switch to process data packets at wire-speed based on one or more 
user defined packet policies, each user defined packet policy specifying information for one or 
more of Layers 4 through 7; 

receive a data packet at the multilayer switch, the data packet including information from 
one or more of Layers 2 through 7 of the OSI model; 

determine if there is a match between the data packet and one or more of the packet 
policies, each packet policy specifying that surveillance is to performed on the data packet; 

if there is a matching packet policy specifying surveillance, mirror the data packet to a 
specified location; and 

process the data packet using the multilayer switch. 

40. (Withdrawn) The computer program product of claim 39, wherein the instructions for 
processing the data packet cause the data processing equipment to: 

route the data packet using a Layer 2-3 switch. 



